ABSTRACT



A system and method are disclosed for securely establishing 
a cryptographic key between a first cryptographic device, for 
example a host cryptographic security module, and a second 
cryptographic device, for example a bank Automated Teller 
Machine (ATM). A plurality of key components is generated 
from a pool of random numbers and a unique reference 
number indexes each of the key components. The key 
components are encrypted, stored and indexed in the host 
security module by the corresponding reference numbers. 
The key components are arbitrarily distributed to field
personnel in tamper evident envelopes to be entered into the 
ATM. Each of the tamper evident envelopes is marked with 
the reference number corresponding to the key component 
contained in the envelope. At least two field personnel each 
enter a different key component into the ATM to form the 
cryptographic key. Each then communicates the reference 
number corresponding to the key component and the iden- 
tification number of the ATM to the host security module. 
The host security module retrieves the encrypted key com- 
ponents corresponding to the reference numbers provided by 
the field personnel, decrypts them, and combines the two 
decrypted key components to recreate the cryptographic key 
created in the ATM. The encrypted cryptographic key may 
be transmitted to a third cryptographic device by means of 
a previously established cryptographic key. 

13 Claims, 3 Drawing Sheets 
FIG. 3 (flowchart of method 30; step reference numerals as used in the detailed description):

32 PROVIDE A PLURALITY OF RANDOM NUMBERS HAVING A CORRESPONDING REFERENCE NUMBER
34 PROVIDE A FIRST DEVICE COMPRISING AN ELECTRONIC DATABASE
36 PROGRAM THE ELECTRONIC DATABASE SUCH THAT THE RANDOM NUMBERS ARE ENCRYPTED AND INDEXED BY THEIR CORRESPONDING REFERENCE NUMBER
38 PROVIDE A FIELD DEVICE ASSIGNED A UNIQUE IDENTIFICATION NUMBER FOR ENTERING AT LEAST TWO OF THE RANDOM NUMBERS THEREIN TO ESTABLISH A CRYPTOGRAPHIC KEY
40 COMMUNICATE THE REFERENCE NUMBERS CORRESPONDING TO THE RANDOM NUMBERS ENTERED INTO THE FIELD DEVICE AND THE IDENTIFICATION NUMBER ASSIGNED TO THE FIELD DEVICE TO THE FIRST DEVICE
42 RETRIEVE THE ENCRYPTED RANDOM NUMBERS INDEXED BY THE REFERENCE NUMBERS COMMUNICATED TO THE FIRST DEVICE FROM THE ELECTRONIC DATABASE
44 COMBINE THE ENCRYPTED RANDOM NUMBERS INDEXED BY THE REFERENCE NUMBERS COMMUNICATED TO THE FIRST DEVICE TO RECREATE THE CRYPTOGRAPHIC KEY ESTABLISHED IN THE FIELD DEVICE
SECURE ESTABLISHMENT OF
CRYPTOGRAPHIC KEYS

CROSS REFERENCE TO RELATED
APPLICATION

This application claims the benefit of Provisional Appli- 
cation Serial No. 60/078,667, filed Mar. 20, 1998, the entire 
disclosure of which is herein incorporated by reference. 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The invention relates to a system and method for securely 
establishing a cryptographic key between a first crypto- 
graphic device and a second cryptographic device. More 
particularly, the invention relates to a system and method for 
establishing initial cryptographic keys for a plurality of 
cryptographic devices that are geographically widely 
scattered, such as bank Automated Teller Machines (ATMs). 

2. Description of Related Art 

A bank or other financial institution may provide Auto- 
mated Teller Machines (ATMs), or equivalent field devices, 
for the convenience of its customers. The ATMs usually 
communicate electronically with a central computer physi- 
cally located at a branch office of the bank so that the
customer can manipulate his bank account at any time 
regardless of the operating hours of the branch without 
interacting with a human representative. Such bank trans- 
actions may include the transfer of money between 
accounts, the deposit and withdrawal of funds and the like.
Network operating rules and voluntary ANSI Standards 
require the use of cryptography to protect sensitive infor- 
mation such as the Personal Identification Number (PIN) 
usually associated with such bank transactions from poten- 
tial compromise by an opponent intent on committing fraud 
against the network and the cardholder. 

As should be expected, it is necessary for the bank to 
verify that a field device, for example an ATM, is authorized 
to communicate with the central computer at the branch 
office. Such measures endeavor to prevent an unauthorized 
device from imitating the ATM and accessing a customer's 
account without proper authorization. There are a number of 
ways in which to establish secure electronic communica- 
tions between a network of ATMs and the central computer. 
One way is via a dedicated arrangement of data transmission 
lines. The transmission lines connect the ATMs directly to
the central computer. Accordingly, only authorized ATMs 
can communicate with the central computer over the dedi- 
cated transmission lines. However, the cost of installing 
dedicated transmission lines and the associated communi- 
cations hardware is generally prohibitive, especially in light 
of the need to secure rights of way to carry the transmission 
lines between each of the ATMs and the central computer.
Furthermore, even dedicated transmission lines may still be
vulnerable to access by individuals possessing the ability to 
physically tap into the transmission lines. 

A more economical approach to establish secure elec- 
tronic communications between a network of field devices 
and a host device is by means of cryptography. Good 
cryptographic practice requires that each pair of communi- 
cating devices on the network share a unique cryptographic 
key. The use of a unique cryptographic key for each pair of 
communicating devices limits the degree to which an unau- 
thorized user can compromise the network to that one pair 
of devices. Where a plurality of devices are provided with a 
common cryptographic key, often referred to as a Global 
key, an unauthorized user can compromise any of the devices by compromising any one of the devices sharing the Global key. For example, an unauthorized user could gain access to a large number of ATMs with the knowledge of only a single cryptographic key. The banking industry actually facilitates this high degree of risk since the present practice is to load many field devices in a network with a Global key for operational convenience.
Two general types of cryptography are presently in use. One type is public key or asymmetric cryptography, for example RSA. The other type is symmetric cryptography, for example the Data Encryption Algorithm (DEA). The DEA is currently the most widely used algorithm in ATM banking devices. Symmetric cryptography requires the same cryptographic key to be established at both cryptographic devices, namely the field device and the host device. In addition, symmetric cryptography requires the cryptographic key to be managed under the principles of split knowledge and dual control usually implemented by utilizing two different individuals, referred to as key custodians, to establish the key. Each key custodian is entrusted with a portion, referred to as a component, of the cryptographic key that they must physically enter into the field device, for example an ATM. Thus, the key custodians must personally visit each ATM in the network in turn to establish the appropriate key in the ATM. The same, or other key custodians, must then personally visit the host device to establish the same cryptographic key in the host device.
Since the ATMs and the host devices are oftentimes geo- 
graphically widely scattered, it is frequently impractical for 
the key custodians to accomplish the necessary visits within 
an acceptable timeframe. As a result of this key management 
logistics problem, many banks use the same cryptographic 
key for a large number of ATMs on a single ATM network. 

With the above concerns in mind, it is an objective of the 
present invention to provide a system and method for 
securely establishing a unique cryptographic key between a 
first cryptographic device and a second cryptographic 
device. 

It is a further, and more particular, objective of the present 
invention to provide a system and method for securely 
establishing a cryptographic key between a first crypto- 
graphic device and a second cryptographic device without 
the need for the extensive protective measures typically 
required to manage the components of the cryptographic 
key. 

It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device that are geographically widely scattered.

It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device without the custodial overhead normally associated with the distribution and secure management of the components of the key.

It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device wherein a plurality of unrelated random numbers are distributed to serve as key components.

It is still a further objective of the present invention to provide a system and method for ensuring a high probability that a cryptographic key established between a first cryptographic device and a second cryptographic device is unique.
It is still a further objective of the present invention to provide a system and method for securely establishing a cryptographic key between a first cryptographic device and a second cryptographic device including a database of information relating to the establishment of the cryptographic key that permits the devices, the key custodians and the key components utilized to establish the cryptographic key to be traced and routinely audited.

These and other objectives and advantages will become more readily apparent to those of skill in the art with reference to the following detailed description and the accompanying drawing figures.

SUMMARY OF THE INVENTION

The aforementioned objectives and advantages are realized by a system and method for establishing secure cryptographic keys between cryptographic devices according to the present invention. The system includes a plurality of key components, each having a first unique identifier. Preferably, each of the key components is a random number generated by a strong random number generator and is indexed to a predetermined reference number.

The system further includes a first cryptographic device. The first cryptographic device includes an electronic database wherein each of the key components is encrypted and indexed by its corresponding first unique identifier. Preferably, the first cryptographic device further includes a Tamper Resistant Security Module (TRSM). The system further includes a second cryptographic device for entering at least two of the key components therein to establish the cryptographic key within the second cryptographic device. The second cryptographic device is assigned a second unique identifier for a purpose to be described hereinafter. Preferably, the second cryptographic device is a bank ATM and the at least two key components are entered into the ATM. Most preferably, the two key components entered into the ATM are different and are entered by different key custodians, for example an installation and service representative and a bank representative.

The system further includes means for communicating the first unique identifier of the key components entered into the second cryptographic device and the second unique identifier assigned to the second cryptographic device to the first cryptographic device. Preferably, the means for communicating is an interactive voice response unit in conjunction with an input device, such as a DTMF or "touch-tone" telephone. The first cryptographic device further includes means for retrieving, decrypting and combining the encrypted key components indexed by the first unique identifiers corresponding to the key components entered into the second cryptographic device from the electronic database to recreate the cryptographic key established in the second cryptographic device.

Preferably, the system further comprises a plurality of tamper evident envelopes. Each of the tamper evident envelopes is utilized to retain and transport one of the key components corresponding to the first unique identifier marked on the inside or the outside of the envelope. If the seal on the tamper evident envelope is broken, the key custodian merely discards the first and selects a second envelope containing another random number to be entered into the second cryptographic device. Accordingly, it is not necessary to obtain a new key component that is related to another key component in a predetermined manner.

The method of the invention includes the first step of providing a plurality of key components wherein each of the plurality of key components has a first unique identifier. Preferably, the step of providing a plurality of key components includes the further step of generating a plurality of random numbers using a strong random number generator with each of the random numbers corresponding to a predetermined reference number. The step of providing a plurality of key components may also include the further steps of sealing each of the key components in a tamper evident envelope and marking the envelope with the reference number corresponding to the random number inside the tamper evident envelope.

The method includes the second step of providing a first cryptographic device comprising an electronic database. Preferably, the step of providing a first cryptographic device includes the further step of providing a Tamper Resistant Security Module (TRSM). The method includes the third step of programming the electronic database of the first cryptographic device such that each of the plurality of key components is encrypted and indexed by its corresponding first unique identifier.

The method includes the fourth step of providing a second cryptographic device for entering at least two of the plurality of key components therein to establish a cryptographic key, the second cryptographic device being assigned a second unique identifier for a purpose to be described hereinafter. Preferably, the step of providing a second cryptographic device includes the further step of providing a bank Automated Teller Machine (ATM).

The method includes the fifth step of communicating the first unique identifier of the key components entered into the second cryptographic device and the second unique identifier assigned to the second cryptographic device to the first cryptographic device. Preferably, the step of communicating includes the further step of electronically communicating the first unique identifiers and the second unique identifier to the first cryptographic device via an interactive voice response unit.

The method includes the sixth step of retrieving the encrypted key components indexed by the first unique identifiers communicated to the first cryptographic device. Finally, the method includes the seventh step of decrypting and combining the retrieved key components to recreate the cryptographic key established in the second cryptographic device. For a purpose to be described hereinafter, the method of the invention may also include the eighth step of transmitting the cryptographic key recreated in the first cryptographic device to a third cryptographic device. Preferably the cryptographic key is transmitted to the third cryptographic device by means of a Key Encryption Key previously established in a known manner.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram of a system according to the present invention for establishing secure cryptographic keys.

FIG. 2 is a schematic diagram of the intermediary device of FIG. 1.

FIG. 3 is a flowchart of a method according to the present invention for establishing secure cryptographic keys.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring now to the accompanying drawings, FIG. 1 is a schematic diagram of a system, indicated generally at 10, according to the present invention. The system 10 comprises an intermediary device 11, a field device 14 and a host device 15. The intermediary device 11, the field device 14 and the host device 15 are each a cryptographic device for conducting secure electronic communications. Preferably, the intermediary device 11 is a conventional computer used in conjunction with a Tamper Resistant Security Module (TRSM), such as that sold by Eracom under the trade name CSA-7000. Preferably, the field device 14 is a conventional Automated Teller Machine (ATM). Preferably, the host device 15 is a conventional computer that acts as a server for a network of field devices, and in particular, ATMs.

Intermediary device 11 comprises means for generating a pool of random numbers. Concurrently with the generation of the pool of random numbers, a pool of reference numbers is also generated having a one-to-one correlation with the random numbers. Thus, each of the random numbers has a unique reference number. Each of the numbers in the pool of random numbers is then encrypted in a known manner and stored within intermediary device 11 indexed by its unique reference number. The operator of the intermediary device 11 creates a plurality of envelopes 17, 18. Each of the envelopes 17, 18 has one of the random numbers from the pool indicated, for example printed, on the inside of the envelope and the reference number corresponding to the random number inside the envelope indicated, for example printed, on the exterior or on the interior of the envelope. Preferably, envelopes 17 and 18 are tamper evident envelopes such as those that banks or other financial institutions use to transmit Personal Identification Numbers (PINs).

In a preferred embodiment, the operator of the intermediary device 11 provides several of the plurality of envelopes 17, 18 to each of two individuals 12, 13 for establishing a cryptographic key between the intermediary device 11 and the field device 14, as will be described in greater detail hereinafter. Individual 12, who is preferably an installation and service representative for field device 14, selects one of the several envelopes 17 provided to him or her and inspects the envelope for external evidence of tampering. In the event tampering is evident, that particular envelope 17 is discarded and the random number is thus eliminated from the pool of random numbers. After ensuring that an envelope 17 shows no external evidence of tampering, individual 12 opens the envelope and enters the random number indicated on the inside of the envelope 17 into the field device 14. The random number is entered into the field device 14 in a conventional manner including verification of the key check value.

Individual 13, who is preferably a bank representative, selects one of the several envelopes 18 provided to him or her and examines the envelope for external signs of tampering. In the event tampering is evident, that particular envelope 18 is discarded and the random number is thus eliminated from the pool of random numbers. After ensuring that an envelope 18 shows no external evidence of tampering, individual 13 opens the envelope and enters the random number indicated on the inside of the envelope 18 into the field device 14. The random number is entered into the field device 14 in a conventional manner including verification of the key check value.

Together the random numbers entered into the field device 14 from envelopes 17 and 18 form the cryptographic key for the field device. The use of two individuals to establish the cryptographic key is required to achieve the desired dual control and split knowledge necessary to ensure that the entire key remains secret. Accordingly, it is imperative that neither of the individuals 12, 13 discloses the random number inside their respective envelopes 17, 18 to the other. Of course, this can most easily be accomplished by the operator of intermediary device 11 not divulging the identity of one individual to the other. It should be understood that entry of the random numbers inside the envelopes 17, 18 can be performed by one individual. However, such is not preferred since doing so violates the dual control and split knowledge requirement of the currently applicable standards for key management, such as ANS X9.24 Retail Key Management.

Upon successful entry of his or her random number into field device 14, individual 12 communicates the reference number of the envelope 17 corresponding to the random number on the inside of the envelope to the intermediary device 11. Preferably, the individual 12 communicates the reference number to the intermediary device 11 over a conventional telephone line 19 using a DTMF or "touch-tone" phone. It should be understood that any suitable known means can be employed to communicate the reference number to the intermediary device 11 including, but not limited to, the Internet and wireless communications devices, such as a cellular phone or terminal. Preferably, individual 12 is first required to communicate a predetermined USERID and ACCESS CODE to intermediary device 11 for security purposes. Upon verification of the authenticity of the USERID and ACCESS CODE, individual 12 is then prompted to transmit an ATM ID number or code and the reference number of the envelope 17 used to enter the corresponding random number into the field device 14. The encrypted random number indexed by the reference number is then retrieved from the memory of the intermediary device 11 for subsequent decryption as will be described hereinafter.

Individual 13 performs the same process substituting his or her USERID and ACCESS CODE to transmit the reference number corresponding to the random number inside envelope 18. As should be expected, intermediary device 11 verifies the USERID and ACCESS CODE provided by individual 13 before accepting the reference number of envelope 18. Preferably, intermediary device 11 compares the USERID provided by individual 13 to the USERID previously provided by individual 12 to ensure that the same individual does not enter both reference numbers for the same ATM ID. Still further, intermediary device 11 preferably compares the reference number provided by individual 13 to the reference number previously provided by individual 12 to ensure that two different random numbers are entered into the ATM. After successful transmission of the appropriate data to intermediary device 11, the envelopes 17 and 18 selected and used to establish the cryptographic key in the field device 14 are destroyed for security purposes.

Assuming that the individuals 12 and 13 and the data communicated to the intermediary device 11 are successfully verified, the encrypted random number indexed by the reference number transmitted by individual 13 is retrieved from the memory of the intermediary device 11, decrypted, and combined with the decrypted random number corresponding to the reference number provided by individual 12. The combined number forms the cryptographic key for the ATM identified by the ATM ID. Accordingly, the intermediary device 11 is in possession of the cryptographic key established in the field device 14. In the case of a network of ATMs, the cryptographic key is known as the ATM key for the particular ATM ID. The ATM key is next encrypted by a Key Encrypting Key (KEK) previously established between the intermediary device 11 and the Host Security Module (HSM) of the host device 15 using, for example, traditional methods of key management. Finally, the



US 6,606^

encrypted ATM key is transmitted by conventional means, such as a private network connection or a public telephone line, to the host device 15.

The HSM of the host device 15 shares the KEK with the intermediary device 11 and therefore is able to recover the clear-text ATM key. After decryption of the value encrypted by the KEK, the ATM key is encrypted once again using the Master Key of host device 15. Preferably, host device 15 is in electrical communication with field device 14 in a conventional manner. In a known manner, the normal host processing program, for example Applied Communications, Inc. (ACI) BASE24®, then uses its normal processing functions to transmit a new key encrypted by the newly established ATM key to the field device 14 to replace the ATM key established by the individuals 12 and 13.

Intermediary device 11, as schematically illustrated in FIG. 2, comprises an Incoming Communication Services (ICS) unit 21. ICS unit 21 handles incoming phone calls or communications from the individuals 12 and 13 who physically enter the random numbers into field device 14. The preferred embodiment illustrated presupposes that the incoming communication is over a conventional telephone line by a DTMF or "touch-tone" phone. Thus, ICS unit 21 needs only to be a DTMF capable circuit, such as a commercially available Dialogic® or NewVoice circuit. However, any other functionally similar means of communication is acceptable. Outgoing Communication Services (OCS) unit 22 serves the purpose of communicating the encrypted ATM key from intermediary device 11 to host device 15. The communication can be implemented, for example via an Ethernet network, Token Ring network, or other suitable means. Applications Supervisor 20 serves to orchestrate the overall flow of the system processing. This includes USERID verification, ATM ID management and verification, and component management as well as acting as the communications interface.

System Log Service unit 23 provides a record of all operations that have taken place during the generation of the candidate components and the creation of the ATM key established in the field device 14. Electronic database 25 contains all the information required to run and maintain the system functions as well as the encrypted pool of random numbers. Preferably, the electronic database is the ACCESS 97 database program. However, any known functionally similar electronic database could be substituted for the ACCESS 97 database program. Crypto Services unit 26 provides all the required cryptographic processing support via a programming interface between application supervisor 20 and the cryptographic hardware TRSM 27, which as previously mentioned is preferably an Eracom CSA-7000 Cryptographic Adapter. However, any known functionally similar cryptographic adapter is acceptable. Administrative Services unit 24 handles the database maintenance and other general system administration functions.

FIG. 3 is a flowchart illustrating a preferred embodiment of a method 30 according to the invention. The method comprises the first step 32 of providing a plurality of random numbers, each having a corresponding reference number. Preferably, the plurality of random numbers is generated by a strong random number generator so that the likelihood of reoccurrence is extremely small. The method comprises the second step 34 of providing a host (i.e., first) device comprising an electronic database. Preferably, the first device is intermediary 11. However, the functions of the first device may also be accomplished by host device 15 operated, for example, by a bank or other financial institution. The method comprises the third step 36 of programming the electronic
database such that the random numbers are encrypted and
indexed by their corresponding unique reference numbers. 
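The uniqueness that step 32 relies on is probabilistic, so here, as an added illustration that is not part of the patent, is the estimate a practitioner would apply. Let $n$ be the number of effective key bits in the combined key and $M$ the number of ATMs keyed from independently drawn components. For a single-length DEA key formed by combining two 64-bit components, $n = 56$, because the eight parity bits carry no entropy (an assumption about the key format, which the patent does not fix). The birthday bound gives

$$\Pr[\text{two ATMs share a key}] \;\le\; \binom{M}{2}\,2^{-n} \;\approx\; \frac{M^{2}}{2^{\,n+1}},$$

so for $M = 10^{5}$ ATMs and $n = 56$ the probability is about $10^{10}/2^{57} \approx 7 \times 10^{-8}$, and with double-length keys ($n = 112$) it is negligible. Two caveats follow from the same arithmetic: the bound holds only if the components are uniform (the strong random number generator the text requires), and only if no component is used in more than one ATM, since two keys sharing a component $c$ satisfy $k_{1} \oplus k_{2} = c_{1} \oplus c_{2}$ and are no longer independent. That is the reason used envelopes are destroyed and flagged envelopes are removed from the pool.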

The method comprises the fourth step 38 of providing a field device 14 assigned a unique identification number for entering at least two of the random numbers therein to establish a cryptographic key. Preferably, the field device is an ATM and the unique identification number is an ATM ID. The method comprises the fifth step 40 of communicating the reference numbers corresponding to the random numbers entered into the field device 14 and the unique identification number assigned to the field device to the first device (i.e., intermediary 11). Preferably, the reference numbers and the ATM ID are communicated to the first device by the individuals 12 and 13 via an interactive voice response unit such as a DTMF or "touch-tone" phone. The method comprises the sixth step 42 of retrieving, from the electronic database, the encrypted random numbers indexed by the reference numbers communicated to the first device. These retrieved encrypted random numbers are then decrypted. Finally, the method comprises the seventh step 44 of combining the decrypted random numbers indexed by the reference numbers communicated to the first device to recreate the cryptographic key established in the field device 14. The method may comprise the further step (not shown) of transmitting the cryptographic key recreated by the first device to yet another cryptographic device, such as host
device 15. 
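The exchange set out in the detailed description of FIG. 1 (custodians 12 and 13 each entering one component with a key check value, the USERID and reference-number checks made by intermediary device 11, the KEK transport to host 15 and the host's replacement key) and its restatement as steps 32 to 44 of method 30, as one added Python simulation. It is not the patent's own code and it fixes details the patent leaves open: components are 16 bytes combined by bytewise XOR with DEA odd parity (the X9.24 convention), the key check value is the first three bytes of SHA-256 of the key rather than a DES-encrypted zero block, an HMAC-SHA256 one-time pad stands in for the TRSM's storage cipher and for the KEK, the USERID/ACCESS CODE pairs and ATM ID are constructed, and each envelope is assumed to carry its component's KCV inside.

```python
"""Added simulation of the key-establishment exchange (not the patent's own code). ASSUMED, not fixed
by the patent: 16-byte components, XOR with DEA odd parity, SHA-256-prefix KCV, HMAC one-time pad."""
import hashlib
import hmac
import secrets

def odd_parity(data: bytes) -> bytes:
    """Force DEA odd parity on every byte; bit 0 is the parity bit."""
    return bytes((x & 0xFE) | (bin(x & 0xFE).count("1") % 2 == 0) for x in data)

def combine(*components: bytes) -> bytes:
    """Bytewise XOR of the components (the X9.24 convention), parity-adjusted."""
    key = bytes(components[0])
    for comp in components[1:]:
        key = bytes(a ^ b for a, b in zip(key, comp))
    return odd_parity(key)

def kcv(key: bytes) -> str:
    """Key check value. ASSUMPTION: SHA-256 prefix in place of the DES-encrypted zero block."""
    return hashlib.sha256(key).hexdigest()[:6]

def wrap(k: bytes, label: bytes, data: bytes) -> bytes:
    """ASSUMPTION: HMAC-SHA256 one-time pad for the TRSM cipher and the KEK; self-inverse, one use per (k, label)."""
    pad = hmac.new(k, label, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class Intermediary:
    """Intermediary device 11: encrypted component pool indexed by reference number."""
    USERS = {"INST01": "1234", "BANK07": "9876"}  # constructed USERID -> ACCESS CODE table

    def __init__(self, pool_size: int, storage_key: bytes, kek: bytes):
        self.storage_key, self.kek = storage_key, kek
        self.db = {ref: wrap(storage_key, b"ref%d" % ref, odd_parity(secrets.token_bytes(16)))
                   for ref in range(1, pool_size + 1)}
        self.pending = {}  # ATM ID -> [(USERID, reference number)] received so far
        self.log = []      # audit trail kept by system log service 23

    def envelope(self, ref: int):
        """What the operator prints: reference number outside, component and its KCV inside."""
        comp = wrap(self.storage_key, b"ref%d" % ref, self.db[ref])
        return ref, comp, kcv(comp)

    def ivr_call(self, userid: str, access_code: str, atm_id: str, ref: int):
        """One custodian's call: None after the first, the KEK-wrapped ATM key after the second."""
        if not hmac.compare_digest(self.USERS.get(userid, ""), access_code):
            raise PermissionError("USERID/ACCESS CODE rejected")
        if ref not in self.db:
            raise LookupError("reference number unknown or already used")
        calls = self.pending.setdefault(atm_id, [])
        if any(u == userid for u, _ in calls):
            raise ValueError("same custodian may not supply both components")
        if any(r == ref for _, r in calls):
            raise ValueError("same component supplied twice")
        calls.append((userid, ref))
        self.log.append((atm_id, userid, ref))
        if len(calls) < 2:
            return None
        # Retrieve, decrypt and combine. Components are single-use, so pop them from the pool.
        comps = [wrap(self.storage_key, b"ref%d" % r, self.db.pop(r)) for _, r in self.pending.pop(atm_id)]
        atm_key = combine(*comps)
        return {"atm_id": atm_id, "kcv": kcv(atm_key), "wrapped": wrap(self.kek, atm_id.encode(), atm_key)}

class FieldDevice:
    """ATM 14: accepts components one at a time, checking each against the KCV in its envelope."""
    def __init__(self, atm_id: str):
        self.atm_id, self.entered, self.key = atm_id, [], None

    def enter_component(self, component: bytes, printed_kcv: str) -> None:
        if kcv(component) != printed_kcv:
            raise ValueError("mis-keyed component: KCV mismatch")
        self.entered.append(component)
        if len(self.entered) == 2:
            self.key = combine(*self.entered)

def attempt(inter: Intermediary, *call) -> str:
    """Run one IVR call and report 'accepted' or the reason it was refused."""
    try:
        inter.ivr_call(*call)
        return "accepted"
    except (PermissionError, LookupError, ValueError) as exc:
        return str(exc)

def run_exchange(pool_size: int = 10) -> dict:
    """Whole flow for one ATM, returning the checks a reviewer would want to see pass."""
    storage_key, kek = secrets.token_bytes(32), secrets.token_bytes(32)
    inter, atm = Intermediary(pool_size, storage_key, kek), FieldDevice("ATM-0042")
    ref_a, comp_a, kcv_a = inter.envelope(3)  # installer (individual 12) chose envelope 3
    ref_b, comp_b, kcv_b = inter.envelope(7)  # bank representative (individual 13) chose envelope 7
    atm.enter_component(comp_a, kcv_a)
    atm.enter_component(comp_b, kcv_b)
    first = inter.ivr_call("INST01", "1234", atm.atm_id, ref_a)
    result = inter.ivr_call("BANK07", "9876", atm.atm_id, ref_b)
    host_key = wrap(kek, atm.atm_id.encode(), result["wrapped"])  # host HSM unwraps with the shared KEK
    new_key = odd_parity(secrets.token_bytes(16))                  # host pushes a replacement key...
    delivered = wrap(atm.key, b"rekey", wrap(host_key, b"rekey", new_key))  # ...which the ATM unwraps
    return {"first_call_pending": first is None, "host_matches_atm": host_key == atm.key,
            "kcv_matches": result["kcv"] == kcv(atm.key), "rekey_ok": delivered == new_key,
            "pool_left": len(inter.db), "audit_entries": len(inter.log)}
```

run_exchange() returns every check True with two audit entries and eight unused components. The intermediary refuses a second call from the USERID that made the first, refuses a repeated reference number, and pops used components from the pool so a reference number cannot be replayed for another ATM; those are the checks the text calls for, and attempt() reports the refusal reasons. The fixed "rekey" label is sound here only because the freshly established ATM key is used once, to carry its replacement, which mirrors the text's immediate replacement of the custodian-entered key.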

The preceding recitation is provided as an example of a 
preferred embodiment according to the invention and is not 
meant to limit the nature or scope of the invention as defined 
by the appended claims. Specifically, while the system and 
method described herein are particularly well suited for 
establishing unique cryptographic keys between a plurality 
of ATMs and a host central computer, any pair of crypto- 
graphic devices that are geographically widely scattered and
require secure electronic communications could implement 
the system and method of the invention. 

What is claimed is: 

1. A system for securely establishing a shared crypto- 
graphic key between a first cryptographic device and a 
second cryptographic device, said system comprising: 

a plurality of randomly-generated key components, each 
of said plurality of key components having a corre- 
sponding unique component identifier that is used as an 
index to store an encrypted version of the key compo- 
nent in an electronic database accessible to a first 
cryptographic device; 

means for separately entering into a second cryptographic 
device, by each of a plurality of key custodians, a 
different one of said plurality of key components, said 
second cryptographic device being assigned a unique 
device identifier; 

means for combining, at the second cryptographic device, 
the plurality of entered key components to create a new 
shared cryptographic key to be shared between the 
second cryptographic device and the first cryptographic 
device; 

means for communicating, to the first cryptographic
device, the unique component identifier corresponding 
to each one of the entered key components and said 
unique device identifier assigned to said second cryp- 
tographic device; and 

means for determining, by the first cryptographic device, 
the shared cryptographic key, further comprising: 
means for receiving each of the communicated unique 
component identifiers and the communicated unique 
device identifier; 
means for using each of the received unique component 
identifiers as the index into the electronic database, 
to retrieve the stored encrypted version of each of the 
key components to which the received unique component
identifiers correspond; 

means for decrypting each of said retrieved encrypted 
versions of the key components, thereby creating 
decrypted key components; 

means for combining said decrypted key components to 
create the first cryptographic device's copy of said 
shared cryptographic key created in said second 
cryptographic device; and 

means for determining that the copy is the shared 
cryptographic key to be shared between the first 
cryptographic device and the second cryptographic 
device, because the unique device identifier received 
with the unique component identifiers is assigned to 
the second cryptographic device. 

2. The system according to claim 1, wherein said first 
cryptographic device is a host security module. 

3. The system according to claim 1, wherein said second 
cryptographic device is a bank Automated Teller Machine 
(ATM). 

4. The system according to claim 1, wherein said means 
for communicating comprises an interactive voice response 
unit. 

5. The system according to claim 1, further comprising a 
plurality of tamper evident envelopes for retaining and 
transporting said plurality of key components from said first 
cryptographic device to said second cryptographic device. 

6. A method for securely establishing a shared crypto- 
graphic key between a first cryptographic device and a 
second cryptographic device, said method comprising steps 
of: 

providing a plurality of randomly-generated key 
components, wherein each of the plurality of key 
components has a corresponding unique component 
identifier; 

programming an electronic database of a first crypto- 
graphic device such that an encrypted version of each 
of the plurality of key components is stored therein, 
each of the encrypted versions indexed by its corre- 
sponding unique component identifier; 

separately entering, into a second cryptographic device by 
each of a plurality of key custodians, a different one of 
the plurality of key components, the second crypto- 
graphic device being assigned a unique device identi- 
fier; 

combining, by the second cryptographic device, the 
entered key components to create a new shared cryp- 
tographic key to be shared between the second cryp- 
tographic device and the first cryptographic device; 

communicating, to the first cryptographic device, the 
unique component identifier corresponding to each of 
the entered key components and the unique device 
identifier assigned to the second cryptographic device; 

receiving, by the first cryptographic device, the commu- 
nicated unique component identifiers and the commu- 
nicated unique device identifier; 

using, by the first cryptographic device, each of the 
received unique component identifiers as the index into 
the electronic database, to retrieve the stored encrypted 
version of the key components to which the received 
unique component identifiers correspond; 

decrypting, by the first cryptographic device, the retrieved 
encrypted version of each of the key components, 
thereby creating decrypted key components; 
combining, by the first cryptographic device, the 
decrypted key components to create a copy of the 
shared cryptographic key created in the second cryp- 
tographic device; and 

determining, by the first cryptographic device, that the 
copy is the shared cryptographic key to be shared 
between the first cryptographic device and the second 
cryptographic device, because the unique device iden- 
tifier received with the unique component identifiers is 
assigned to the second cryptographic device. 
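The following is an added worked example of the scheme in claims 1 and 6; it is illustration code written for this page, not code from the patent or from any host security module or ATM vendor. It makes four assumptions the claims leave open: components are combined by XOR (the claims say only "combining"), the encrypted storage of components in the host database is stood in for by an HMAC-SHA256 keystream keyed with a host master key, components are 16 bytes long, and a SHA-256 key check value is used at the end so both sides can confirm their copies match without sending the key. The device identifier "ATM-0042" and the custodian names are constructed.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple

KEY_LEN = 16  # component length in bytes (assumption; the claims fix no length)

class Envelope(NamedTuple):
    """Reference number printed outside, random key component sealed inside."""
    reference: str
    component: bytes

def combine_components(components):
    """XOR the entered components into the key (XOR assumed; claims say 'combining')."""
    if len(components) < 2 or len({len(c) for c in components}) != 1:
        raise ValueError("need at least two components of equal length")
    key = bytes(len(components[0]))
    for comp in components:
        key = bytes(a ^ b for a, b in zip(key, comp))
    return key

def protect_component(master_key, reference, component):
    """Self-inverse stand-in (assumption) for the host's storage encryption:
    XOR with an HMAC-SHA256 keystream bound to the component's reference number."""
    blocks = (hmac.new(master_key, f"{reference}:{i}".encode(), hashlib.sha256).digest()
              for i in range((len(component) + 31) // 32))
    return bytes(a ^ b for a, b in zip(component, b"".join(blocks)))

def check_value(key):
    """Key check value for confirming both copies agree without sending the key
    (an added practitioner check, not part of the claims)."""
    return hashlib.sha256(key).hexdigest()[:6]

class HostSecurityModule:
    """First cryptographic device: encrypted components indexed by reference number."""
    def __init__(self, master_key, device_ids):
        self._master = master_key
        self._db = {}                    # reference number -> encrypted component
        self._devices = set(device_ids)  # device identifiers assigned by the host

    def provision_components(self, count):
        """Generate, encrypt, index and return the envelopes for field personnel."""
        envelopes = []
        while len(envelopes) < count:
            ref = secrets.token_hex(4).upper()
            if ref in self._db:
                continue
            component = secrets.token_bytes(KEY_LEN)
            self._db[ref] = protect_component(self._master, ref, component)
            envelopes.append(Envelope(ref, component))
        return envelopes

    def recreate_key(self, device_id, references):
        """Receive, retrieve, decrypt, combine and determine (claim 6); each failure
        mode is a hard stop rather than a best-effort key."""
        if device_id not in self._devices:
            raise PermissionError(f"device identifier {device_id!r} not assigned")
        if len(set(references)) != len(references):
            raise ValueError("a reference number was reported twice")
        components = []
        for ref in references:
            if ref not in self._db:
                raise LookupError(f"reference number {ref!r} not in database")
            components.append(protect_component(self._master, ref, self._db[ref]))
        return combine_components(components)

class FieldDevice:
    """Second cryptographic device (the ATM). It neither learns nor reports the
    reference numbers; per claim 13 the custodians communicate those."""
    def __init__(self, device_id):
        self.device_id = device_id
        self._entries = {}  # custodian -> component entered

    def enter_component(self, custodian, component):
        if custodian in self._entries:
            raise ValueError(f"{custodian!r} already entered a component")
        if component in self._entries.values():
            raise ValueError("each custodian must enter a different component")
        self._entries[custodian] = component

    def form_key(self):
        return combine_components(list(self._entries.values()))

def establish_key(hsm, device, envelopes, custodians):
    """Run the exchange of claim 6 end to end; returns (device_key, host_key)."""
    for custodian, env in zip(custodians, envelopes):
        device.enter_component(custodian, env.component)
    device_key = device.form_key()
    # Out-of-band report (the IVR of claim 4): reference numbers and device id only.
    host_key = hsm.recreate_key(device.device_id, [e.reference for e in envelopes])
    return device_key, host_key

def demo():
    hsm = HostSecurityModule(secrets.token_bytes(32), ["ATM-0042"])  # constructed id
    picked = secrets.SystemRandom().sample(hsm.provision_components(6), 2)
    device_key, host_key = establish_key(
        hsm, FieldDevice("ATM-0042"), picked, ["custodian A", "custodian B"])
    return device_key == host_key and check_value(device_key) == check_value(host_key)
```

Two points a practitioner should take from the model. Nothing that crosses the voice channel is key material: an eavesdropper learns two reference numbers and an ATM identifier, which are only useful to someone who can also read and decrypt the host database, so the scheme's strength rests on that database's protection and on dual control of the envelopes. Conversely, the "determining" step of claims 1 and 6 only binds the recreated key to a device identifier the host already recognises; it does not by itself prove that the people reporting the reference numbers were the custodians at that ATM, which is why the key check value exchange is worth adding before the key is put into service.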

7. The method according to claim 6, further comprising 
the steps of: 

securely transmitting the copy of the shared cryptographic 
key created in the first cryptographic device to a third 
cryptographic device. 

8. The method according to claim 6, wherein the step of 
providing a first cryptographic device comprises the further 
step of providing a host security module. 

9. The method according to claim 6, wherein the step of 
providing a second cryptographic device comprises the 
further step of providing a bank Automated Teller Machine 
(ATM). 

10. The method according to claim 6, wherein the step of 
communicating comprises the further step of electronically 
communicating the unique component identifiers corre- 
sponding to the entered key components and the unique 
device identifier to the first cryptographic device via an 
interactive voice response unit. 

11. The method according to claim 6, wherein the step of 
providing a plurality of key components comprises the 
further steps of sealing each of the key components in a 
separate tamper evident envelope and marking each enve- 
lope with the unique component identifier corresponding to 
the key component sealed therein. 

12. A method for securely establishing a shared crypto- 
graphic key between a first cryptographic device and a 
second cryptographic device, comprising steps of: 

initially creating, at the second cryptographic device, a 
copy of the shared cryptographic key, further compris- 
ing steps of: 

entering, by each of at least two key custodians, a 
distinct key component into the second crypto- 
graphic device; and 
combining the entered key components, thereby creat- 
ing the second cryptographic device's copy of the 
shared cryptographic key; 
communicating, to the first cryptographic device for each 
of the entered key components, a unique component 
identifier that corresponds to the entered key 
component, along with a unique device identifier 
assigned to the second cryptographic device; and 
subsequently creating, by the first cryptographic device, 
another copy of the shared cryptographic key, further 
comprising steps of: 

receiving the communicated unique component identi- 
fiers and the communicated unique device identifier; 

using each of the received component identifiers as an 
index value to retrieve, from a database in which 
encrypted versions of a plurality of key components, 
including the entered key components, are stored 
with their corresponding unique component identi- 
fier as the index value, the encrypted version corre- 
sponding to each of the received component identi- 
fiers; and 

combining decrypted versions of each of the retrieved 
encrypted versions, thereby creating the first cryptographic
device's copy of the shared cryptographic key, wherein the
first cryptographic device uses the communicated unique
device identifier to identify the second cryptographic
device with which this shared cryptographic key is to be
shared.

13. The method according to claim 12, wherein the
communicating step is not communicating from the second
cryptographic device.

* * * * *